Subject interface
Subject represents both security state and operations for a single request. It’s the who for security.
Such operations include:

- authentication (login)
- authorization (access control)
- session access
- logout

Signature:

```typescript
export interface Subject
```
Properties
| Property | Modifiers | Type | Description |
|---|---|---|---|
| [authorities](/doc/en/lb4/apidocs.security.subject.authorities.html) | | Set<[Permission](/doc/en/lb4/apidocs.security.permission.html)> | An array of authorities granted by the user to the client application. One example is [OAuth2 scopes](https://tools.ietf.org/html/rfc6749#section-3.3). |
| [credentials](/doc/en/lb4/apidocs.security.subject.credentials.html) | | Set<[Credential](/doc/en/lb4/apidocs.security.credential.html)> | An array of credentials, such as password, access token, or private/public keys. |
| [principals](/doc/en/lb4/apidocs.security.subject.principals.html) | | Set<[TypedPrincipal](/doc/en/lb4/apidocs.security.typedprincipal.html)> | An array of principals. It can include information about the current user, the client application, and granted authorities. `Subject` represents both security state and operations for a single application user. Such operations include authentication (login), authorization (access control), session access, and logout. |
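
The following is an added example, not code from LoopBack: it shows a default-deny authorization check over `authorities` and an audit-safe view of a `Subject` that leaves out credential secrets. The field shapes of `Permission`, `Credential` and `TypedPrincipal`, and the helper names `isAuthorized` and `toAuditRecord`, are assumptions made for this example.

```typescript
// Local stand-ins for the @loopback/security types named on this page.
// Their fields are assumptions made for this example.
interface Permission { action: string; resourceType: string }
interface Credential { kind: string; secret: string }
interface TypedPrincipal { type: string; id: string }

interface Subject {
  principals: Set<TypedPrincipal>;
  authorities: Set<Permission>;
  credentials: Set<Credential>;
}

interface AuditRecord { principals: string[]; authorities: string[]; credentialKinds: string[] }

// Default-deny check. Set.has() compares object references, so a freshly
// built Permission object never matches; compare the fields instead.
function isAuthorized(subject: Subject, action: string, resourceType: string): boolean {
  let allowed = false;
  subject.authorities.forEach(p => {
    if (p.action === action && p.resourceType === resourceType) allowed = true;
  });
  return allowed;
}

// Audit-safe view of a Subject: who acted and what was granted, never the secrets.
function toAuditRecord(subject: Subject): AuditRecord {
  const record: AuditRecord = {principals: [], authorities: [], credentialKinds: []};
  subject.principals.forEach(p => record.principals.push(`${p.type}:${p.id}`));
  subject.authorities.forEach(a => record.authorities.push(`${a.action}:${a.resourceType}`));
  subject.credentials.forEach(c => record.credentialKinds.push(c.kind));
  return record;
}

// Constructed sample subject: a user acting through a client application.
const sampleSubject: Subject = {
  principals: new Set<TypedPrincipal>([
    {type: 'USER', id: 'user-1'},
    {type: 'APPLICATION', id: 'client-app-1'},
  ]),
  authorities: new Set<Permission>([{action: 'read', resourceType: 'order'}]),
  credentials: new Set<Credential>([{kind: 'access_token', secret: 'constructed-token-value'}]),
};

console.log(isAuthorized(sampleSubject, 'read', 'order'));
console.log(isAuthorized(sampleSubject, 'delete', 'order'));
console.log(JSON.stringify(toAuditRecord(sampleSubject)));
```

Logging the audit record rather than the `Subject` itself keeps passwords, tokens and keys held in `credentials` out of application logs.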